Recherche : [AMD] - Cyberveille

Blog: Zen and the Art of Microcode Hacking https://bughunters.google.com/blog/5424842357473280/zen-and-the-art-of-microcode-hacking

06/03/2025 08:22:53

This blog post covers the full details of EntrySign, the AMD Zen microcode signature validation vulnerability recently discovered by the Google Security team.

AMD won't patch all chips affected by severe data theft vulnerability — Ryzen 3000, 2000, and 1000 will not get patched for 'Sinkclose' | Tom's Hardware https://www.tomshardware.com/pc-components/cpus/amd-wont-patch-all-chips-affected-by-severe-data-theft-vulnerability-ryzen-1000-2000-and-3000-will-not-get-patched-among-others

12/08/2024 06:41:34

AMD released patches to address the Sinkclose vulnerability, but not all chips are covered. The company also said 'No performance impact expected', which means that its likely still conducting final validation and testing of the patch and how it impacts the overall performance of the system.

New AMD SinkClose flaw helps install nearly undetectable malware https://www.bleepingcomputer.com/news/security/new-amd-sinkclose-flaw-helps-install-nearly-undetectable-malware/

09/08/2024 19:00:22

AMD is warning about a high-severity CPU vulnerability named SinkClose that impacts multiple generations of its EPYC, Ryzen, and Threadripper processors. The vulnerability allows attackers with Kernel-level (Ring 0) privileges to gain Ring -2 privileges and install malware that becomes nearly undetectable.

‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections https://www.wired.com/story/amd-chip-sinkclose-flaw/

09/08/2024 14:36:10

Researchers warn that a bug in AMD’s chips would allow attackers to root into some of the most privileged portions of a computer—and that it has persisted in the company’s processors for decades.

Threat Actor Claims AMD and Apple Breaches https://www.infosecurity-magazine.com/news/threat-actor-amd-apple-breaches/

21/06/2024 18:35:29

Notorious threat actor IntelBroker is claiming to have © data from Apple and AMD

New ZenHammer memory attack impacts AMD Zen CPUs https://www.bleepingcomputer.com/news/security/new-zenhammer-memory-attack-impacts-amd-zen-cpus/

26/03/2024 10:03:09

Academic researchers developed ZenHammer, the first variant of the Rowhammer DRAM attack that works on CPUs based on recent AMD Zen microarchitecture that map physical addresses on DDR4 and DDR5 memory chips.

ZenHammer: Rowhammer Attacks on AMD Zen-based Platforms https://comsec.ethz.ch/research/dram/zenhammer/

26/03/2024 09:57:53

Our work shows that it is possible to trigger Rowhammer bit flips on DDR4 devices on AMD Zen 2 and Zen 3 systems despite deployed TRR mitigations. This result proves that AMD systems are equally vulnerable to Rowhammer as Intel systems, which greatly increases the attack surface, considering today’s AMD market share of around 36%… Read

China blocks use of Intel and AMD chips in government computers, FT reports https://www.reuters.com/world/china/china-blocks-use-intel-amd-chips-government-computers-ft-reports-2024-03-24/

25/03/2024 09:08:53

China has introduced guidelines to phase out U.S. microprocessors from Intel (INTC.O), opens new tab and AMD (AMD.O), opens new tab from government personal computers and servers, the Financial Times reported on Sunday.
The procurement guidance also seeks to sideline Microsoft's (MSFT.O), opens new tab Windows operating system and foreign-made database software in favour of domestic options, the report said.

LeftoverLocals: Listening to LLM responses through leaked GPU local memory https://blog.trailofbits.com/2024/01/16/leftoverlocals-listening-to-llm-responses-through-leaked-gpu-local-memory/

17/01/2024 16:43:31

By Tyler Sorensen and Heidy Khlaaf We are disclosing LeftoverLocals: a vulnerability that allows recovery of data from GPU local memory created by another process on Apple, Qualcomm, AMD, and Imagination GPUs. LeftoverLocals impacts the security posture of GPU applications as a whole, with particular significance to LLMs and ML models run on impacted GPU…

CacheWarp https://cachewarpattack.com/#faq

14/11/2023 21:30:19

CacheWarp is a new software fault attack on AMD SEV-ES and SEV-SNP. It allows attackers to hijack control flow, break into encrypted VMs, and perform privilege escalation inside the VM.

Nearly every AMD CPU since 2017 vulnerable to Inception bug https://www.theregister.com/2023/08/09/amd_inception/

10/08/2023 09:59:43

AMD processor users, you have another data-leaking vulnerability to deal with: like Zenbleed, this latest hole can be to steal sensitive data from a running vulnerable machine.

Zenbleed https://lock.cmpxchg8b.com/zenbleed.html

26/07/2023 23:10:50

It turns out that with precise scheduling, you can cause some processors to recover from a mispredicted vzeroupper incorrectly!

This technique is CVE-2023-20593 and it works on all Zen 2 class processors, which includes at least the following products

A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys https://arstechnica.com/information-technology/2022/06/researchers-exploit-new-intel-and-amd-cpu-flaw-to-steal-encryption-keys/

15/06/2022 06:54:19

Hertzbleed attack targets power-conservation feature found on virtually all modern CPUs.

Liens par page

Filtres